from the deterrents-never-used-will-rarely-exhibit-a-deterrent-effect dept

The seventh Appeals Court to weigh in [PDF] on the FBI's Network Investigative Technique deployed in the Playpen child porn investigation has weighed in. Unfortunately, it makes the Sixth Circuit the seventh appeals court to find the FBI's warrant problematic, but willing to apply the "good faith" band-aid.

The problem with the application of the "good faith exception" is it assumes good faith on behalf of the FBI. There's no reason to believe the FBI acted in good faith, though. While it was in the process of obtaining a single warrant allowing it to search computers all over the world, it was well aware Rule 41 limited searches to the jurisdiction where the warrant was obtained. It knew this because the DOJ was in the process of asking the Supreme Court and Congress to change Rule 41 to remove the jurisdiction limits while it was pursuing this investigation.

The Appeals Court grants good faith anyway, despite this background. It does do us (and the appellant) the favor of discussing good faith in light of the DOJ's simultaneous attempt to codify searches it was already performing, but just because the discussion is expanded a bit doesn't mean it makes much sense. Here's the opening of the Sixth Circuit's federal forgiveness pitch:

The good-faith exception is not concerned with whether a valid warrant exists, but instead asks whether a reasonably well-trained officer would have known that a search was illegal.

A "well-trained officer" should never have sought the search warrant in the first place, because a "well-trained officer" would have known search warrants were limited to the jurisdiction they were issued in. But the agent sought the warrant anyway and a magistrate judge actually approved it. The judge's approval means more to the Sixth Circuit than the FBI's bad faith proposition.

For the same reasons articulated in Master, we conclude that the good-faith exception is not categorically inapplicable to warrants found to be void ab initio. The difference between a state court judge acting without authority and a federal magistrate judge acting without authority is of little significance—in both instances, the individual who signed the warrant (arguably) had no power to do so. Master’s holding that the good-faith exception applies to one applies with equal force to the other. Accordingly, the good-faith exception to the exclusionary rule is not categorically inapplicable to warrants that are void ab initio because of a magistrate judge’s jurisdictional error.

But the case cited (Master) isn't applicable to this situation. In that case, an officer presented a warrant request to the wrong county judge, accidentally obtaining permission to search outside of the judge's jurisdiction. A similar mistake could not have possibly been made with this warrant request. A federal magistrate -- whose jurisdiction covers an entire state -- could not have been mistakenly approached to grant permission to search an entire nation. The FBI's warrant affidavit clearly states it sought to search computers without knowing where any of the targets were located. The judge saw this and signed it anyway. Even if the judge blew the call, there's no way anyone can argue with a straight face the FBI did not know the warrant request violated the law as it stood when it requested permission to deploy its NIT.

It may have been "reasonable" for the FBI agent to rely on the issued warrant, but only if you ignore what was happening at the DOJ during the time this investigation was occurring. In fact, it can be argued this investigation and a similar one in 2014 expedited the DOJ's efforts on this front as it surely recognized some judges were going to find its NIT warrant invalid.

This explanation by the Sixth Circuit of its decision to extend good faith to the FBI agent doesn't help. In fact, it doesn't make sense.

But reasonable jurists have come to different conclusions about whether the NIT Warrant was valid. Compare United States v. Austin, 230 F. Supp. 3d 828, 833 (M.D. Tenn. 2017) (finding the NIT Warrant does not violate Rule 41(b) because it is the equivalent of a “tracking device” and therefore falls under the ambit of Rule 41(b)(4)), with United States v. Croghan, 209 F. Supp. 3d 1080, 1089 (S.D. Iowa 2016) (concluding that the magistrate judge lacked authority to issue the NIT Warrant), overruled on other grounds by Horton, 863 F.3d at 1052. We cannot, therefore, expect officers to have known that this type of warrant was invalid at the time it was sought. See Workman, 863 F.3d at 1321 (“[I]f a violation took place, it has escaped the notice of eight federal judges who have held that the same warrant complied with federal law and the federal rules even though data was being extracted from computers outside the Eastern District of Virginia. . . . [E]xecuting agents could reasonably have made the same mistake and reasonably relied on the magistrate judge’s decision to issue the warrant.”).

The court is saying an FBI agent -- requesting a warrant in 2015 -- can be excused for his Rule 41 ignorance because court decisions made 1-2 years after the warrant was sought suggest the NIT warrant area might have been a bit more gray than previously imagined. Furthering the retroactive forgiveness, the court goes on to point out -- as others have -- that Rule 41 changes, which went into effect more than two years after the warrant was obtained, now makes this sort of search legal. Since suppressing evidence is supposed to deter bad behavior by law enforcement, a past abuse that has been codified into law does not present further opportunities for exactly this same abuse of authority.

Certainly it would be impossible to violate rights in the same exact way again, what with the rules having been changed following the abuses contained in this investigation. But the deterrent effect of suppression would discourage law enforcement from seeking permission to perform illegal searches, even if there's a chance those searches may become Constitutional in the future due to changes in the law. This is the court telling law enforcement to roll the dice in edge cases because you just never know what the future might bring. This encourages misconduct because it demonstrates the extent of the federal courts' capacity to forgive.

from the fixing-it-in-post dept

It doesn't appear the Supreme Court will have to resolve a circuit split on the FBI's malware warrant used in its Playpen child porn investigation. The same day the Ninth Circuit Appeals Court found in favor of the FBI, the Seventh Circuit reached the same conclusion [PDF], bringing the FBI's "good faith" total to five appellate wins versus zero losses.

The Seventh's reasoning echoes that of the other circuits: the warrant may have been invalid (seeing as its jurisdiction limits were immediately violated by the FBI's malware deployment), but the FBI was correct to rely on the magistrate's screwup.

Federal Rule of Criminal Procedure 41(b)(1) authorizes a magistrate judge “to issue a warrant to search for and seize a person or property located within the [magistrate judge’s] district.” This warrant, they say, extended to people and property located outside the magistrate’s district. Defendants contend that a void warrant is tantamount to no warrant at all, nullifying the good-faith exception.

We disagree. Even if the warrant were void ab initio, we would treat this like any other constitutional violation. We see no reason to make the good-faith exception unavailable in such cases.

I'm sure the Seventh didn't mean to make it sound like it would excuse "any other constitutional violation," but that's kind of how it reads. What the court is saying is that it won't suppress the evidence obtained with an invalid warrant. It doesn't go as far as other courts have and find that there's no deterrent effect in suppressing evidence because the illegal actions engaged in by the FBI were made legal after the fact. But it does say suppression is unreasonable because it punishes the FBI for the magistrate judge's error.

The deterrence rationale for the exclusionary rule aims at the conduct of the police, not the conduct of the magistrate judge. See Davis, 564 U.S. at 238 (focusing the cost-benefit analysis in exclusion cases on the “flagrancy of the police misconduct” at issue). Thus, whether the magistrate judge lacked authority has no impact on the rule. As Leon explains, “[p]enalizing the officer for the magistrate’s error, rather than his own, cannot logically contribute to the deterrence of Fourth Amendment violations.”

What's more troubling is that its discussion of the FBI's "good faith" grants credence to one of the FBI's more disingenuous arguments: that the malware it sent was a "tracking device" rather than a search, making its deployment from a seized server in Virginia constitutional because the FBI obviously can't control where tracking devices end up after they're deployed. This legal theory has been criticized in other courts even while finding the FBI, overall, acted in good faith. Here's a quote from the Third Circuit's decision, which calls out the FBI for its appellate-level goalpost moving.

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The Seventh Circuit gives the government credit where none is due.

Perhaps the warrant impermissibly allowed the search of computers outside the magistrate judge’s district, as the defendants suggest. But the government suggests another theory. It notes that under Rule 41(b)(4), a magistrate judge can issue a warrant for the installation of a “tracking device” within the district that can track movement outside the district. Fed. R. Crim. P. 41(b)(4). The government characterizes the NIT as such a device, maintaining that its installation occurred in-district because the defendants were accessing servers located in that district. Choosing between these frameworks has split district courts across the country, which underscores the difficulty of the question.

Having done that, the court declares it won't discuss the "tracking device" any further because it has already said suppression would punish the FBI for the magistrate's error. The evidence remains in play and the convictions of all three defendants are affirmed.

The problem with these decisions is they tacitly encourage law enforcement to ask judicial permission for illegal searches because if it's granted, it's the magistrate's fault, not the officers', and evidence obtained illegally won't be suppressed. When the FBI asked for permission to engage in extraterritorial searches, the DOJ was pushing for removal of Rule 41 jurisdiction limits. It's impossible the agent swearing out the warrant was unaware of this fact. It was a bad faith request converted to "good faith" by the magistrate's approval, whitewashing the FBI's actions and making the evidence unassailable in court.

from the winning-by-losing dept

The Ninth Circuit Court of Appeals is the latest appeals court to find the FBI's warrant for malware deployment during a child porn investigation to be invalid, but still close enough for government work. The FBI's NIT (Network Investigative Technique) was sent to visitors of a dark web child porn site called Playpen. The hitchhiking software then traveled out of the district the server was housed in (Virginia) to send back identifying info from computers and devices all over the world.

At the time the warrant was sought, warrants were only valid in the district they were issued. Multiple courts found the FBI's malware was a search under the Fourth Amendment. A smaller subset found the extrajurisdictional search unsupported by current law and the underlying warrant invalid from the moment it was issued. Challenges to the extrajurisdictional searches have all run into dead ends at the appellate level.

The First, Eighth, and Tenth Circuits have all refused to suppress evidence, even if the courts found the search warrant invalid. The reasoning? There was no deterrent effect served by suppressing the evidence because the law changed after the warrant was issued and the malware deployed to allow the FBI to engage in extrajurisdictional searches. In essence, this is retroactive application of a law that changed after the warrant was sought, giving it the sort of blessing courts won't extend to victims of law enforcement misconduct that happened to occur before precedential decisions explicitly declared that particular form of misconduct unconstitutional.

In addition to the retroactive application of Rule 41 jurisdictional changes, these appeals courts have also granted the government "good faith." Somehow, it's believed an FBI agent seeking a warrant for a search that he knew would violate Rule 41 limits when executed wasn't the FBI rolling the dice on favorable rulings and a potential future mooting by changes to the law.

There's more of the same in the Ninth Circuit decision [PDF]. The court says the warrant was bad but the faith was good, so no harm, no foul, no suppression. (h/t Brad Heath)

We agree with Henderson that Rule 41(b) is not merely a technical venue rule, but rather is essential to the magistrate judge’s authority to act in this case.

[...]

The Federal Magistrates Act, 28 U.S.C. § 636, defines the scope of a magistrate judge’s authority, imposing jurisdictional limitations on the power of magistrate judges that cannot be augmented by the courts.

[...]

Relevant here, § 636 authorizes magistrate judges to exercise “all powers and duties conferred or imposed” by the Federal Rules of Criminal Procedure. 28 U.S.C. § 636(a)(1). In turn, Rule 41(b) has been asserted as the sole source of the magistrate judge’s purported authority to issue the NIT warrant in this case. But, as we have explained, in issuing such warrant, the magistrate judge in fact exceeded the bounds of the authority conferred on magistrate judges under Rule 41(b). Thus, such rule plainly does not in fact confer on the magistrate judge the authority to issue a warrant like the NIT warrant. Without any other source of law that purports to authorize the action of the magistrate judge here, the magistrate judge therefore exceeded the scope of her authority and her jurisdiction as defined under § 636.

Thus endeth the bad news for the government -- bad news severely tempered by the fact the government still gets to keep its evidence. Even though the court recognizes the warrant was invalid the moment it was signed, it still gives the government points for effort. The Ninth says it's ok for law enforcement to rely on invalid warrants, so long as they've been signed by a magistrate. And good faith or not, the court says there's no reason to suppress the evidence because the house always wins there's no future misconduct to deter.

[T]here is no evidence that the officers executing the NIT warrant acted in bad faith. “To the extent that a mistake was made in issuing the warrant, it was made by the magistrate judge, not by the executing officers.”

[...]

Further, suppression of the evidence against Henderson is unlikely to deter future violations of this specific kind, because the conduct at issue is now authorized by Rule 41(b)(6), after the December 2016 amendment. The exclusionary “rule’s sole purpose, we have repeatedly held, is to deter future Fourth Amendment violations,” Davis v. United States, 564 U.S. 229, 236–237 (2011), and we see no reason to deter officers from reasonably relying on a type of warrant that could have been valid at the time it was executed—and now would be.

With four circuits weighing in and reaching the same conclusions, it seems unlikely any further appellate challenges will upset the FBI's malware apple cart. And if the same conclusions continue to be reached, there will no compelling reason for the Supreme Court to weigh in. Add to that the post-facto codification of the tactics used by the FBI in this investigation and you've got dozens of unconstitutional searches being laundered into Fourth Amendment compliance by courts unwilling to penalize the FBI for overstepping its bounds.

from the this-should-keep-this-out-of-the-Supreme-Court's-hands dept

Another challenge of the NIT (Network Investigative Technique) warrant used by the FBI during its investigation of a dark web child porn website has hit the appellate level. A handful of district courts have found the warrant used invalid, given the fact that its reach (worldwide) exceeded its jurisdictional grasp (the state of Virginia, where it was obtained). That hasn't had much of an effect on appeals court rulings, which have all found the warrant questionable to varying degrees, but have granted the FBI "good faith" for violating the jurisdictional limits the DOJ was attempting to have rewritten (Rule 41 -- which governs warrant jurisdictional limits, among other things) to allow it to do the things it was already doing.

Even though the FBI had to have known searches performed all over the world using one Virginia-based warrant violated Rule 41 limits, appellate judges have declared the FBI agent requesting the warrant wasn't enough of a legal expert to know this wasn't allowed. Two appeals courts have stated suppressing the evidence is pointless because the law changed after the jurisdiction limit violation took place. The appellate decisions have been troubling to say the least, providing further evidence that the good faith exception is the rule, rather than the outlier.

The latest decision [PDF] dealing with the NIT warrant comes from the Third Circuit Appeals Court. It, too, finds the warrant questionable. And it states the government has agreed the warrant was not valid under Rule 41(b).

The Government conceded below that “[a]lthough Rule 41 does authorize a judge to issue a search warrant for a search in another district in some circumstances, it does not explicitly do so in these circumstances.” App. 91 (Government Br. in Opposition to Motion to Suppress) (emphasis added).

The opinion goes on to note the government, having admitted its warrant was bad, then argued it was good because it was apparently thinking of a different part of Rule 41 when it applied for a warrant, even though none of this thought made its way into the affidavit as words.

On appeal, however, the Government curiously has reversed course, and now contends that the NIT was in fact explicitly authorized by Rule 41(b)(4), which provides that a magistrate judge may “issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.” Fed. R. Crim. P. 41(b)(4) (emphasis added).

According to the Government, under this Rule, “the NIT warrant properly authorized use of the NIT to track the movement of information—the digital child pornography content requested by users who logged into Playpen’s website—as it traveled from the server in [EDVA] through the encrypted Tor network to its final destination: the users’ computers, wherever located.”

Wrong again, says the court, noting the disingenuousness of the government's goalpost move. (All emphasis added by me and not the court from this point forward.)

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The court also helpfully finds that computer users have an expectation of privacy in their IP addresses and other identifying info housed in their computers. It points out the government obtained this directly from targets' computers rather than third parties, making this a Fourth Amendment search rather than a Third Party Doctrine case.

But that's where the good news ends for the defendant. The appeals court says the warrant was invalid the moment it was issued, but that this can't be held against the FBI. It rationalizes its opinion this way: suppression of evidence is for deterrence, not for righting the government's wrongs. So, it's OK for the FBI to rely on an invalid warrant because the judge made the error approving it. The FBI was not wrong to rely on the warrant, even though it very likely knew its request violated Rule 41 jurisdictional limits. Then it arrives at this conclusion -- one reached previously by another appeals court:

More importantly, the exclusionary rule “applies only where it ‘result[s] in appreciable deterrence.’” Herring, 555 U.S. at 141 (quoting Leon, 468 U.S. at 909) (emphasis added). Thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers may apply for and obtain such a warrant pursuant to Rule 41(b)(6), which went into effect in December 2016 to authorize NIT-like warrants. Accordingly, a similar Rule 41(b) violation is unlikely to recur and suppression here will have no deterrent effect.

In other words, because it's now impossible for the FBI to engage in this violation of Rule 41, there's nothing to be gained by suppressing the evidence. In essence, the court is saying that if the DOJ can get laws changed quickly enough to codify earlier statutory violations, defendants challenging evidence based on legal violations that occurred before the law was changed are shit out of luck. Compare and contrast this to civil rights lawsuits where the courts have awarded good faith to law enforcement for apparent rights violations because they occurred before such acts were declared unconstitutional by precedential opinions. It's "heads I win, tails you lose" in federal courts, thanks to the good faith exception.

More cases will reach the appellate level but it hardly seems likely any of those will result in suppressed evidence for Playpen defendants. These findings will be reached despite most appellate judges declaring the underlying warrants void from the moment they were issued. Defendants asking for suppression are going to run into judges willing to forgive the FBI both before and after the fact, which means there's very little justice left in the justice system's tanks.

from the Rule-41-changes-create-another-foregone-conclusion dept

A third Appeals Court has ruled on the tactics the FBI used to track down users of a dark web child porn site. And the third one to rule -- the First Circuit Appeals Court -- continues the government's shut out of suppression orders at the appellate level.

In the two previous cases to reach this level (Tenth and Eighth), the judges found the FBI's Network Investigative Technique to be a search under the Fourth Amendment. This wasn't much of an issue because the FBI had a warrant. The real issue was the warrant's reach: it was issued in Virginia but the NIT found a home in computers all over the US, not to mention the rest of the world.

The lower courts' decisions ordering suppression of evidence for the use of an invalid warrant have all been rejected by US appeals courts. Good faith has been granted to the agent securing the warrant, thus preventing suppression of evidence. In one case, the court even conjectured the deterrent effect of evidence suppression made little sense now that the FBI has statutory permission to ignore jurisdictional limitations when seeking warrants.

The First Circuit Appeals Court's decision [PDF] is no different than those preceding it. The previously-granted suppression is reversed and the FBI awarded good faith for its warrant application, which clearly told the Virginia magistrate judge the agency intended to violate the warrant's jurisdictional limits. This decision, however, limits its discussion to the good faith exception and the judges refuse to draw possibly precedential conclusions about the magistrate judge's legal authority to grant a "search anywhere" warrant.

The "search anywhere" part of the warrant the lower court found invalid is all academic at this point. Rule 41 jurisdictional limits have been lifted. But that did not happen until after this warrant was procured and deployed. Like the Eighth Circuit before it, the First Circuit decides this after-the-fact rule change somewhat negates the deterrent effect of suppression.

The First Circuit says good faith prevails, as the warrant was more or less explicit in its intentions and still managed to be signed by a judge. In fact, the court praises the FBI for applying for a warrant it likely knew violated pre-rule change jurisdiction limitations.

We are unpersuaded by Levin's argument that because, at least according to him, the government was not sure whether the NIT warrant could validly issue under Rule 41, there is government conduct here to deter. Faced with the novel question of whether an NIT warrant can issue -- for which there was no precedent on point -- the government turned to the courts for guidance. The government presented the magistrate judge with a request for a warrant, containing a detailed affidavit from an experienced officer, describing in detail its investigation, including how the NIT works, which places were to be searched, and which information was to be seized. We see no benefit in deterring such conduct -- if anything, such conduct should be encouraged, because it leaves it to the courts to resolve novel legal issues.

I guess the court would prefer to tangle with legal issues it hasn't seen before. This would be one of them -- at least in terms of thousands of searches performed with a single warrant from a seized child porn server located in Virginia. The legal issues may be novel but the end result is more of the same: good faith exception granted and the admission of evidence questionably obtained.

from the well...-the-darkweb-is-like-an-unlit-highway... dept

The US court system has hosted a large number of lively discussions about the tactics used by the FBI in its Playpen child porn investigation. A lot of new ground was broken by the FBI, not all of it good. First, the agency kept a darkweb child porn site running for two weeks after it seized it. It did this to facilitate the distribution of malware designed to uncover information about the computers (and users) accessing the site.

Adding to the mess was the malware itself. The FBI's Network Investigative Technique (NIT) was deployed across the US (and across the globe) via a single warrant signed by a magistrate judge in Virginia. Plenty of courts have declared the FBI's warrant invalid, as the search performed violated Rule 41's jurisdictional limitations. (Those limitations no longer exist, so chalk up a win for the DOJ.) Many have also called the NIT's extraction of IP addresses and device-identifying info a search. But very few judges have seen fit to suppress the evidence obtained, either finding no privacy expectations in IP addresses or granting the FBI "good faith."

At the appellate level, only two Playpen cases have been heard, but both courts returned decisions in favor of the government. The process continues in full force at the lower levels, where the DOJ is still working its way through the dozens of cases springing from its NIT deployment.

In Texas, a federal judge has decided [PDF] against suppressing evidence obtained with the FBI's NIT. But Judge Xavier Rodriguez does so while using a descriptive term the government vehemently disagrees with. [h/t Brad Heath]

In December 2014, the Government became aware of a website named Playpen that contained child pornography. One of the servers for that website was in North Carolina. Ultimately the Government seized that server pursuant to a warrant, relocated the server to Virginia, and assumed the role of administrator. When the Government was unable to identify the identity of the approximate 150,000 members of the website, the Government obtained a warrant on February 20, 2015 to deploy Network Investigative Technique (NIT) malware. The warrant authorized the search for persons located in the Eastern District of Virginia. The malware, however, reached all computers accessing the website, including Defendant Halgren’s computer in San Antonio, Texas.

Through the malware the Government discovered that a user named “Platch” accessed the site, and the Government discovered the IP address associated with “Platch.” Defendant Halgren was the user associated with the IP address.

The FBI has argued its NIT isn't malware, even though it seems to fit the description. It's a payload designed to reveal IP addresses and device info without the target's permission or awareness. If deployed by anyone else other than the government, the government would take issue with the exploit's operation and delivery method.

Thus ends the things the government won't like in this opinion. The judge goes a route few others have, treating the malware like a tracking device. By casting it as something it really isn't, the judge is able to sustain the warrant's viability. If the NIT is a tracking device, no jurisdictional violations occurred. The tracking device simply "traveled" out of the jurisdiction and that can't possibly be the government's fault.

Magistrate Judges have authority “within the district in which sessions are held by the court that appointed the magistrate judge . . . and elsewhere as authorized by law.” 28 U.S.C. § 636(a). Former Rule 41 that was in effect in 2015 authorized a Magistrate Judge “to issue a warrant to search for and seize a person or property located within the district.” The Former Rule 41 provided “exceptions to this jurisdictional limitation for property moved outside of the jurisdiction, for domestic and international terrorism, for the installation of a tracking device, and for property located outside of a federal district. None of these exceptions [in 2015] expressly allow[ed] a magistrate judge in one jurisdiction to authorize the search of a computer in a different jurisdiction.”

But see United States v. Darby, 190 F. Supp. 3d 520, 536 (E.D. Va. 2016) (“Rule 41(b)(4) allows a magistrate judge to issue a warrant for a tracking device to be installed in the magistrate's district. Once installed, the tracking device may continue to operate even if the object tracked moves outside the district. This is exactly analogous to what the NIT Warrant authorized. Users of Playpen digitally touched down in the Eastern District of Virginia when they logged into the site. When they logged in, the government placed code on their home computers. Then their home computers, which may have been outside of the district, sent information to the government about their location. The magistrate judge did not violate Rule 41(b) in issuing the NIT Warrant.”)

Even if the court would have found the warrant invalid (which it didn't), it still would have allowed the FBI to keep the evidence because the Fourth Amendment doesn't cover IP addresses.

Given that the Defendant’s IP address was required to be disclosed to various third parties and Playpen to access the website, any subjective expectation of privacy the Defendant may have possessed was not objectively reasonable.

And if that wasn't enough, good faith is also granted, so any lack of a valid warrant still wouldn't have resulted in evidence suppression.

The warrant was not void at its issuance. Even if it had been, the Court concludes that the good faith exception would apply and that suppression would not be warranted.”); but see Levin, 186 F. Supp. 3d at 44 (NIT Warrant was issued without jurisdiction and thus was void ab initio and the good-faith exception is inapplicable). This Court disagrees with Levin and the three or four other courts that have ordered suppression. If a judge signed a warrant without the necessary probable cause determination that warrant was akin to being void. But if an officer reasonably relies upon that signing and acts in good faith, Leon holds that the evidence seized should not be suppressed.

This will almost certainly be appealed. There's still plenty of appeals courts left that haven't explored these issues. The first two tries went the government's way, but more eyes on more cases may actually result in a successful suppression effort. The problem is the rules (well, Rule 41 anyway) have changed. Courts may see little value in suppressing evidence the government can now acquire lawfully with last year's Rule 41 changes. The Eighth Circuit Appeals Court came to exactly that conclusion earlier this year.

The thing is, the government should still be deterred from breaking rules they know still exist, even if governing statutes may change in the future. The government hasn't stopped locking up marijuana users and dealers even though legalization in a majority of US states seems inevitable. This standard should be applied to the government by the only entities capable of doing it: the US courts.

from the so-much-for-valid-warrants-being-better-than-invalid-ones dept

A second appeals court has handed down a ruling on the constitutionality of the Network Investigative Technique (NIT) deployed by the FBI during its Playpen child porn investigation. The Tenth Circuit Appeals Court overturned the suppression of evidence granted by the lower court, ruling that the FBI's NIT warrant was invalid but that the agent's "good faith" reliance on the warrant prevented exclusion of the evidence.

Multiple courts have found the NIT warrant invalid. The warrant was obtained in Virginia but the search the FBI's malware performed accessed computers all over the world. Prior to the recent Rule 41 changes, warrant execution was limited to the jurisdiction it was obtained in. The Appeals Court worked around the jurisdictional limit by reasoning the NIT was sent from Virginia and returned info gathered in the same jurisdiction. It just kind of glossed over the part where computers located all over the nation were briefly infected by the NIT to obtain the information needed to pursue suspects.

The Eighth Circuit Appeals Court decision [PDF] finds more problems with the NIT warrant and execution than the Tenth Circuit did. The consolidated appeal, however, ultimately finds in favor of the government, overturning two lower court suppression orders.

First, the good news. The appeals court finds the FBI does indeed need warrants to perform these searches, even if IP addresses aren't necessarily protected by the Fourth Amendment.

In this case, the FBI sent computer code to the defendants’ respective computers that searched those computers for specific information and sent that information back to law enforcement. Even if a defendant has no reasonable expectation of privacy in his IP address, he has a reasonable expectation of privacy in the contents of his personal computer. [...] Moreover, the NIT retrieved content from the defendants’ computers beyond their IP addresses. We conclude the execution of the NIT in this case required a warrant.

The court also disposes of the government's "but it's kind of just a tracking device" argument:

Although plausible, this argument is belied by how the NIT actually worked: it was installed on the defendants’ computers in their homes in Iowa. The government rightly points out that our court interprets Rule 41 flexibly in light of advances in technology... but we agree with the district court that the “virtual trip” fiction “stretches the rule too far,” We agree with the majority of courts that have reviewed the NIT warrant. These courts have concluded that “the plain language of Rule 41 and the statutory definition of ‘tracking device’ do not . . . support so broad a reading as to encompass the mechanism of the NIT used in this case.” Id. Thus, we hold that the NIT warrant exceeded the magistrate judge’s jurisdiction.

It also agrees with the lower courts' findings the warrant was invalid from the moment it was obtained, since the NIT was clearly going to be traveling outside of the issuing judge's jurisdiction. But that's where the good news ends. The appeals court applies the "good faith" exception and declares the requesting agent -- who knew the NIT would travel outside the jurisdiction and suggested as much in the warrant request -- could rely on a warrant signed by a judge to execute these extrajurisdictional searches.

The defendants also argue that the NIT warrant was facially deficient because FBI agents should have known that a warrant purporting to authorize thousands of searches throughout the country could not be valid. Specifically, Horton argues that “there can be no credible argument that officers reasonably believed that none of the 214,898 members of [Playpen] were located outside of Virginia.” We, however, will not find an obvious deficiency in a warrant that a number of district courts have ruled to be facially valid. Further, we have declined to impose an obligation on law enforcement to “know the legal and jurisdictional limits of a judge’s power to issue interstate search warrants.” Law enforcement did not demonstrate bad faith, and we will apply the Leon balancing test as instructed by the Supreme Court.

So, law enforcement officers are not required to know the legal limits of the warrants they seek. Apparently, neither are judges, as the judge signed off on this warrant despite being told it would be executed outside of his jurisdiction.

But that's not the worst part of the opinion. The worst part is this: the court says there's no deterrent value in suppressing evidence obtained with a facially-invalid warrant because the law changed after the fact.

Because Rule 41 has been updated to authorize warrants exactly like this one, there is no need to deter law enforcement from seeking similar warrants.

Under this rationale, anyone currently incarcerated for marijuana possession or distribution in states where weed is now legal should have their sentences immediately vacated. After all, there's no deterrent effect in keeping them locked up, now that both actions have become legal.

So, it's now 2-0 in favor of the FBI in federal appeals courts. In the future, its NIT activities won't receive much scrutiny. But it appears everything it did in violation of Rule 41 prior to the rule changes is being forgiven by higher courts -- whether with generous applications of the "good faith" doctrine or by making the Rule 41 changes effectively retroactive.

from the faith-based-decision-making dept

The first FBI Playpen investigation warrant challenge to reach the appellate level has been denied. Andrew Workman moved to suppress evidence obtained by the FBI's Network Investigative Technique (NIT) because warrant was deployed far outside its Eastern District of Virginia jurisdiction. Workman lives in Colorado.

The Tenth Circuit Appeals Court decision [PDF] starts with a light treatise on how technology is outpacing the law and the difficulties this poses for law enforcement agencies used to obtaining identifying information with nothing more than a subpoena.

The advent of the internet created new opportunities for viewers of child pornography, allowing immediate access to illicit websites. Use of these sites frequently leaves a computerized trail, allowing the FBI to find viewers of child pornography. But technological advances have allowed viewers of child pornography to access illicit websites without leaving a trail. To monitor access to one such website, the FBI has tried to keep up; in this case, the FBI seized and assumed control, using malware to identify and find the individuals accessing child pornography.

Though the FBI controlled the website, users lived throughout the nation. To find the users, the FBI needed a warrant. But, a paradox existed. The FBI maintained the website in the Eastern District of Virginia, but users were spread out all over the country. Finding those users could prove difficult because of geographic constraints on the FBI’s ability to obtain a warrant. Notwithstanding these constraints, the FBI obtained a warrant that led to the discovery of hundreds of viewers of child pornography. One was the defendant, who faced prosecution in the District of Colorado.

This gives the reader early notice on where the decision is heading. The lower court found [PDF] the FBI's warrant invalid because its NIT traveled far outside its authorized jurisdiction. The appeals court agrees the warrant is invalid, but says the evidence shouldn't be suppressed.

The district court shot down the government's arguments for the warrant's validity, pointing out that while the seized child porn server resided in Virginia, the information gathered by the FBI's malware was obtained from computers outside the district. The government also tried to portray the NIT as a tracking device, in hopes of putting its warrant back on firmer Rule 41 ground, but the lower court shot that down as well.

In this decision, the Appeals Court grants the FBI "good faith." While doing so, it directly contradicts the lower court's findings on both issues.

We start with the presumption that the executing agents “acted in good-faith reliance upon the warrant.” United States v. Campbell, 603 F.3d 1218, 1225 (10th Cir. 2010). This presumption is bolstered by what the executing agents would have known:

1. The software was installed in a government server located in the Eastern District of Virginia.

2. The magistrate judge, who issued the warrant, was in the Eastern District of Virginia.

3. All of the information yielded from the search would be retrieved in the Eastern District of Virginia.

With these facts, the executing agents could reasonably rely on the magistrate judge’s authority to issue a warrant authorizing installation of software and retrieval of information in the Eastern District of Virginia.

This was the lower court's finding:

I am not persuaded by the government’s argument. Rule 41(b)(2) applies to property located in the same district as the magistrate judge at the time the warrant is issued. As stated above, the NIT was designed to search “activating computers,” and, in this case, Mr. Workman’s computer was located in the District of Colorado when the warrant was issued. Further, there is no evidence that the property (information) to be seized, such as Mr. Workman’s IP address, was located in the Eastern District of Virginia at the time the warrant was issued either.

Here's the lower court on the "tracking device" argument:

While it is tempting to view the NIT as a tracking device, the reality of the technology at issue here is that the NIT did not “track the movement of . . . property” as Rule 41(b)(4) contemplates. The government did not obtain Mr. Workman’s IP address by tracking the data as it moved through various relay nodes back to Mr. Workman’s computer. Rather, the government, through the NIT, searched Mr. Workman’s computer and seized his IP address along with various other pieces of information.

In response, the appeals court just says the FBI needs to defer to the magistrate issuing the warrant because technical things are too complicated for agents to sufficiently grasp.

It is true that the affiant and magistrate judge never mentioned the term “tracking device,” and the FBI’s method differs from more conventional tracking devices. But the executing agents lacked precedents on these issues and could reasonably defer to the magistrate judge on these nuanced legal issues.

In fact, it's ignorance that saves the day, as it often does when courts hand down "good faith" rulings. The less law enforcement knows, the more likely it is the evidence won't be suppressed.

We expect agents executing warrants to be “reasonably well-trained,” but we do not expect them to understand legal nuances the way that an attorney would.

No, we don't expect law enforcement officers to be lawyers but we do expect them to be aware of the same jurisdictional limits the FBI was petitioning the government to have lifted. It's inconceivable the agent requesting the warrant -- an agent the government uses as an expert witness -- didn't know the reach of the NIT would extend far beyond the jurisdiction it was approved for.

from the good-findings-mixed-with-questionable-conclusions dept

Thanks to the FBI's one-to-many NIT warrant, which was issued in Virginia but reached thousands of computers all over the world, yet another federal judge is dealing with the fallout of the feds' efficiency. Michigan federal judge Thomas Ludington finds plenty he doesn't like about the FBI's malware and the DOJ's defense of it, but still can't quite find enough to warrant suppression of the evidence [PDF link].

Properly stated, the question here is whether the FBI’s NIT warrant so exceeded the limits of the magistrate judge’s jurisdiction and authority or reasonable behavior by law enforcement as to require suppression to deter similar actions in the future. Although the NIT warrant exceeded the scope of Rule 41(b) as it existed at the time, the FBI’s actions in investigating and closing Playpen were reasonable and directed toward securing the judicial review of law enforcement which the Fourth Amendment contemplates. Given the circumstances, suppression is not appropriate.

That being said, the opinion does offer plenty of counters to the DOJ's legal rationale -- something that other defendants in the FBI's massive Playpen investigation might find useful. The court, like others, finds the FBI exceeded the jurisdictional limitations of Rule 41 and no amount of creative phrasing is going to change that.

None of the three bases in Rule 41(b) provided jurisdiction for the magistrate judge to approve the warrant. Rule 41(b)(1) cannot serve as the basis for jurisdiction. Under that provision, a magistrate judge can issue a warrant to seize property “located in the district.” Here, the server housing Playpen had been transported to Virginia by the FBI, but the NIT involved the transmission of information from that server to computers located around the country and then back to the server. The relevant information (or “property”8 ) was the information requested by the NIT from the user’s computer. The NIT cannot be reasonably construed as seizing information “located in the district” even if the request for the information originated from a server in Virginia.

[...]

Even if Kahler had some contact with the Playpen server located in Virginia, the information sought by the NIT was all located in Michigan. The mere fact that the information from outside the district was brought into the district cannot satisfy Rule 41(b)(2). If that scenario was sufficient, then there would effectively be no jurisdictional limit on warrants for seizure of personal property, because property can typically be moved.

It also finds -- during its discussion of Rule 41 limitations -- that the DOJ can't justify its defective warrant by claiming the software was merely a "tracking device." The NIT pulled information from a computer -- including information that would ID the user -- and left nothing behind to track further computer "movements." That changes the purpose -- and the scope -- of the intrusion.

The receipt of the username associated with the computer’s operating system goes beyond simple location data to descriptive data regarding the identity of the user. The NIT is more than just a “tracking device”; it is a surveillance device.

Additionally, the entire purpose of the NIT was to interact with a computer and obtain information that was located in another district. Even though the NIT was nominally installed on the Playpen Server, the NIT’s “tracking” functionality occurred in other districts. Finally, the purpose of the NIT was to discover the location of the users accessing Playpen, not track their movement.

The government also argued that even if the warrant was faulty, it was ultimately unnecessary because the information obtained fell under the Third Party Doctrine. The court disagrees (nodding to the Supreme Court's Riley decision), finding that efforts users make to cloak their identity -- even while engaging in criminal activity -- generates a layer of privacy protection under the Fourth Amendment.

The Government argues that, despite using a software which exists only to veil the user’s IP address from prying eyes, the user has no reasonable privacy interest in his or her IP address. This argument has little to recommend it. If a user who has taken special precautions to hide his IP address does not suffer a Fourth Amendment violation when a law enforcement officer compels his computer to disclose the IP address, the operating system, the operating system username, and other identifying information, then it is difficult to imagine any kind of online activity which is protected by the Fourth Amendment. Internet use pervades modern life. Law enforcement, acting alone, may not coerce the computers of internet users into revealing identifying information without a warrant, at least when the user has taken affirmative steps to ensure that third parties do not have that information.

This contrasts with other decisions dealing with the same subject matter, where judges have found there's no expectation of privacy in IP addresses, even when one has taken extra steps to obscure it. Those findings seem logically contradictory, at best. If someone's attempts to keep third parties from obtaining information, this information can't truly be considered held by a third party. Stripping away these efforts turns the FBI into the "third party," and the government isn't allowed to both act as a third party and excuse its actions with the Third Party Doctrine.

But in the end, there's no suppression. As the court points out, two things weigh against suppressing the evidence, even with the warrant being facially invalid under Rule 41. First, the FBI malware only infected registered users visiting the dark web child porn site, which makes the possibility of accidental infection almost nonexistent. Second, the fact that the FBI had no idea where the site's visitors were actually located makes this an inelegant solution to a problem, not a case of judge-shopping for compliant magistrates.

[T]his is not a case where the FBI purposely avoided compliance with the law. The investigation of Playpen was difficult precisely because the FBI had so little information about the location of the users. If the FBI had known where certain users were located but nevertheless chose to seek a warrant in another district, suppression would be appropriate. In that case, the FBI would have purposely skirted the law despite a legal alternative. Kahler’s arguments, if accepted, would imply that the FBI should not have conducted the NIT investigation at all because the users were masking their true location. The FBI’s decision to adopt novel tactics to bring individuals distributing child pornography behind location-concealing software to justice is not inherently troubling behavior.

In the future, the FBI won't have to deal with nearly as many suppression hearings, thanks to changes to Rule 41. These decisions are becoming relics of statutorial limitiations almost as soon as they're issued. Even if courts find the malware deployment to be a search invasive enough to trigger Fourth Amendment protections, the lack of jurisdictional limits going forward will prevent them from being challenged.

Unfortunately, the rule changes are almost guaranteed to encourage more frequent deployments of tools designed to decloak anonymous internet users. The breadth and reach of these warrants will be almost unchecked and that's bad news for activists, dissidents, and others who just want to stay off the internet grid. Sure, it's also bad news for child porn fans, but child porn, terrorism, drug warring, etc. is where these efforts start. It's seldom where they end.

from the extreme-tactics,-voluntary-dismissals dept

The FBI has decided to let one of its Playpen defendants walk rather than turn over information on its Network Investigative Technique. The NIT, deployed all over the world on the back of a single warrant obtained in Virginia, unmasked Tor users by dropping code on Playpen visitors' computers that sent back IP addresses and other information about the user's computer.

The warrant itself has been ruled invalid by a number of judges presiding over Playpen prosecutions, although not all of them have determined that the evidence obtained by the NIT should be suppressed. The FBI not only sent malware to site visitors, but it also ran (and possibly improved) the child porn website for two weeks while pursuing its investigation.

Michaud's lawyer asked the court to force the FBI to hand over information on the NIT. The FBI countered, saying it wouldn't turn over the information even if orderedto do so. Judge Bryan, after an in camera session with the agency, agreed with the government that there was a law enforcement need to keep the details of the tool secret. But he also made it clear the government couldn't have both its secrecy and its evidence. He ordered all evidence suppressed.

With all evidence deriving from the forced exposure of Michaud's IP address, there was nothing left for the government to work with. It could have voluntarily turned over information to Michaud's defense lawyer for examination, but has chosen instead [PDF] to let Michaud go free. (h/t Andrew Crocker)

On June 23, 2016, the United States Attorney’s Office for the Western District of Washington filed a protective Notice of Appeal to preserve the right of the United States to pursue an interlocutory appeal of the order of the district court granting the defense motion to compel and finding, as a remedy for the refusal to comply that the evidence of the Network Investigative Technique (NIT), the search warrant issued on the basis of that evidence and the fruits of that search should all be suppressed.

Upon further review within the Department of Justice or the Court’s order and the record in the case, the United States has concluded that this appeal should not be pursued. It is for that reason that the United States now respectfully requests that this appeal be dismissed.

The FBI is developing quite the reputation for dropping prosecutions in the face of challenges of its secret tools and techniques. The NDAs it hands out to every law enforcement agency seeking to purchase Stingrays not only tells them to obscure the device's use, but to let suspects walk if it seems some of this info might make its way into the courtroom.

What's more problematic here is the FBI/DOJ's two-faced stance on these issues. The FBI argues in court (often obtaining the court's agreement) that these questionable tactics (deploying malware, warrants that ignore jurisdictional limits, running child porn sites rather than shutting them down, etc.) are justified because the people it's going after (child porn viewers/distributors) are that terrible. But then it turns around and lets the very bottom of its basket of criminal suspect deplorables go free rather than hand over information to the defense. It does this even though the defense, the judge, and the DOJ would do all they could to protect as much of the NIT information as possible, including sealing documents and redacting those that are published.

Fortunately, the judge presiding over this case wasn't going to let the FBI have 100% secrecy and 100% of the derived evidence. And that has resulted in a voluntary dismissal of someone the government clearly felt was enough of a criminal menace that its extreme tactics were justified.